On 15/09/16 05:00, Zygmunt Krynicki wrote: >> On 15 Sep 2016, at 01:43, Leo Arias <[email protected]> wrote: >> >> On 2016-09-07 19:31, Mark Shuttleworth wrote: >>>> 1) Is there some way I can be specifying a list of commands my snapped >>>>> app is allowed to call? >>> You could. But I think there is a class of things that should be allowed >>> to integrate with the classic shell environment, which means they can >>> shell out to lots of things. >> What about --devmode? Should devmode allow calls to all binaries in the >> $PATH? > As discussed a few times this is technically challenging to do. > > All of “classic” is visible from /var/lib/snapd/hostfs/ but there is no > guarantee that you can run them in any way. They may require the classic > dynamic linker, the classic runtime libraries and the classic filesystem > layout that are all lost when snap-confine sets up the execution environment. > If there’s desire to run executables from the outside we could look for > solutions but this is not as simple as “just use devmode”
I think this is a topic for the next snapfest community event, in October/November. Call it "snapping CLI utilities". Mark -- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
